358 matches found
CVE-2002-1505
SQL injection vulnerability in board.php for WoltLab Burning Board wBB 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter...
CVE-2002-1242
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php...
CVE-2002-1505
CVE-2002-1505 documents a SQL injection in the WoltLab Burning Board (wBB) 2.0 RC 1 and earlier. The vulnerability is in the board.php handler, exploitable via the boardid parameter, allowing remote attackers to modify the database and potentially gain privileges. This is supported by multiple so...
INL ulog-php port.php proto Parameter SQL Injection
The remote host is running ulog-php, a firewall log analysis interface written in PHP. There is a SQL injection vulnerability in the remote interface, in the 'port.php' script that may allow an attacker to insert arbitrary SQL statements into the remote database. An attacker may exploit this flaw...
OpenBB index.php CID Parameter SQL Injection
The remote host seems to be running OpenBB, a forum management system. There is a bug which allows an attacker to inject SQL commands by passing a single quote ' to the CID argument of the file index.php, as in: GET /index.php?CID=' An attacker may use this flaw to gain credentials or to modify...
CVE-2001-1224
get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack...
CVE-2001-1224
The CVE-2001-1224 entry concerns Les VanBrunt AdRotate Pro 2.0. The vulnerability is in get_input within adrotate.pm, allowing remote attackers to modify the database and potentially execute arbitrary commands via a SQL injection attack. This constitutes a client/server impact on data integrity a...
EasyNews 1.5 - NewsDatabaseTemplate Modification
Source: https://www.securityfocus.com/bid/3643/info. EasyNews is a free, open-source script for displaying news stories on a website. EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. A...
Informix webdriver CGI Unauthenticated Database Access
The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...
Vulnerabilities in Informix Webdriver
Webdriver is the web interface of Informix database, I found it is vulnerable. In the common condition, webdriver is submitted with a parameter, but if you type http://victim/cgi-bin/webdriver directly, it will return a webpage which you can modify or delete database on it. Otherwise, webdriver will...
CVE-2000-1232
upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method...
CVE-2000-0627
BlackBoard CourseInfo 4.0 is affected by an authentication flaw that allows local users to modify CourseInfo database information and gain privileges by directly calling supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. The provided documents do not include remediati...
Blackboard Courseinfo v4.0 User Authentication
Apparently Courseinfo, or at least the implementation I was playing with, has no user authentication, meaning that anyone can force feed their own form values and Perl will merrily modify the database. So for instance running: all form input is in caps for readability...
CVE-1999-0734
A default configuration of CiscoSecure Access Control Server ACS allows remote users to modify the server database without authentication...